Posted
by
Hemos
on Monday May 22, 2006 @07:32AM
from the ironc-actions dept.

Dubpal writes "Apple Macintosh users can now fit their machines with theft protection software that reports back on what a thief is doing with their computer, should it ever be stolen. The software, named "Undercover" allows users to report their Macs as stolen, causing the software to report back with IPs, screenshots and even a picture of the thief and his surroundings. In addition to this, Undercover begins faking hardware faults, displaying messages and even reading them aloud, alerting anyone around that the Mac's been stolen."

Yes, you can. If you haven't registered Undercover yet, you can uninstall Undercover by clicking the Uninstall button in the setup assistant that's part of the installation process. If you are a registered Undercover user, please contact us and we will send you uninstall instructions. During uninstall you will need the Administrator password, to prevent thieves from uninstalling Undercover.

Can Undercover be uninstalled by a thief?

For a thief, uninstalling Undercover is impossible. You can only uninstall Undercover if you know the Administrator password for the given mac.

Errrrr, impossible? What a stupid thing to say. Admin password recovery is trivial under os x. [intelliot.com] And a serious thief would reinstall os x before reselling.

In other words, this piece of software is useful only to:

1) Stupid people (who are reassured by a false sense of security)

2) People who want to spy on someone.

Oh, and anyone tempted to quote the following from the faq at me:

What if someone does a clean install of OS X on my machine?

You can prevent this by installing a firmware password. You can find the firmware password utility on your Mac OS X Tiger DVD (in/Applications/Utilities/ on the disc).

1) Bypassing the firmware is also trivial on Apple machines - all you have to do is add some Ram, and boot:-/

2) Noone has a firmware bios password.

Oh, and last thing - again from the FAQ

Is it possible for Undercover to work behind a firewall?

Yes, Undercover has the ability to autodetect any proxy or firewall settings used to connect to the Internet. Undercover collects and autodetects the necessary settings to access the Internet even if your firewall requires a password.[emph mine]

Bullshit. If they could do that, they would be selling that, not their little toy spyware app.

I would expand on this. Theives who steal laptops are not known for their intelligence. Usually they're rather sorry sods who need some cash to get the next hit. Hence they take the laptop to a random pawn shop and get very little money (but enough to get their drugs) for it. It then gets re-sold to some middleman who reinstalls it (how else would you explain to the potential buyer that you don't know the password?) and sold on ebay. None of the people involved are particularly intelligent. But the whole process _still_ makes the afromentioned software pretty much useless.

It's a $30 program that provides a far sight more chance of recovering a stolen laptop than nothing does. I, for one, think it's worth it, even if it would only have a chance of working work 1/10 of the time.

Which I would be willing to wager is a pretty low guess, given the tech-savviness of your average opportunist thief - someone who knows enough about computers to know how to reset the firmware password on a Mac is more than likely going to be tech-savvy enough to be able to get a better job than stealing computers off of tables at coffee shops.

It's a $30 program that provides a far sight more chance of recovering a stolen laptop than nothing does.

Buy $30 worth of insurance - a much better solution.

enough about computers to know how to reset the firmware password on a Mac is more than likely going to be tech-savvy enough to be able to get a better job than stealing computers off of tables at coffee shops.

If the firmware password is set (I doubt it), then the thief will simply sell it to someone who knows how to bypass the firmware password. The va

It's a $30 program that provides a far sight more chance of recovering a stolen laptop than nothing does. I, for one, think it's worth it, even if it would only have a chance of working work 1/10 of the time.

I think you'd be better off investing in property insurance and a backup scheme. The insurance will replace the hardware, you backup will replace the lost content.

You'll also be protected against physical damage to the computer; the theft protection program won't do that.

$30 for a one-tenth chance of detection leading to a miniscule chance of recovery, versus $12 (yearly) insurance premium for a ~100% chance of replacement of the insured value (either in your homeowner's/renters insurance or as a special rider to it -- or www.safeware.com if you want to get stabbed through the eyes on fees, really go with whomever gives you the rest of your insurance they'll be HAPPY to take your money). Gee, I wonder which one is the better deal...

As a former volunteer at our local prison, you're crediting the average criminal with more intelligence then can be proven. Let me tell you, the average criminal lacks the common sense necessary to come out of the rain, let alone do a clean install of OS X.

Well, to be fair... If you work at a prison, you only see the criminals who were dumb enough to get caught, and furthermore too dumb to find a lawyer who could mount a useful enough defense to keep them out of prison.

In the majority of crimes, the perp gets away with it. Only the unlucky and the really, really stupid end up in prison.

Yes, but the majority of crimes are committed by a small minority of criminals, and the odds that a criminal will get caught doing something is high. Criminals are generally not very bright, which is not a startling claim if you realize the average human is not very smart, and half of them are less smart than average!:-)

Just call me Captain Nemo, then. (And it's not "BIOS" on a Mac; for anything even remotely recent, it's either "Open Firmware" or "EFI", depending on model.) "Only the seriously paranoid have a firmware/BIOS password," I will certainly grant.

I'll also note that a firmware bios password can also be bypassed by removing the hard drive and connecting to a new machine via any of the usual methods... at which point, removing Undercover becomes much simpler. And if there

at which point, removing Undercover becomes much simpler. And if there isn't a BIOS password to begin with, Undercover's also trivial to remove with target-mode booting and another Mac.

We should also remember that said thief will need to -look for- this program... Not every laptop thief reads/., and I had never heard of this before, so I wouldn't know to look for it (until now) either. Not only that but to remove it you'd have to boot up, and (I know, I haven't read yet:() does this thing phone home ever

I'm not under the impression that the common thief is someone savvey enough to even understand the language in your post... let alone, have that knowledge at the forefront of their mind to put it in action! Look.... I worked for Apple and I didnt know half the stuff you just said. But giving you the benifit of the doubt, we'll say that 5% of people who steal computers would know that. 1 in 20... What if you got your 17" powerbook stolen and had a 19 in 20 chance to get it back by providing the police with

I have issues with this, in that if the webcam is hardwired to the machine, and can be accessed remotely without the users knowledge - what stops a hacker spying on you for less legitimate reasons?

Like the schokwave debacle? I would have preferred Apple to have included a physical shutter to close the webcam when not in use rather than chance the unsightly aspects of my private life being shown to the masses. It's a little too orwellian for me.

true it does have a indicator light, but from what I've read on the apple developer mailing list you can turn that on and off independently from the camera. I may have been mistaken, but that is my understanding.

From what I remember, the light is wired into the power for the camera so there's no way to disable the light from coming on if the camera is on. That's what I remember Steve Jobs saying when they released the first Mac with the built in iSight.

It's a program that you install on your computer ahead of time. Like any other program, this one has access to the hardware in the machine, including the webcame. Like any program you install in your machine, it also has access to the Internet. It phones home at regular intervals, and if home responds that it's been stolen, it then starts collecting this information and saving it.

The Soviet Russia joke about the screen watching you would be too easy.. (I believe it was the "orginal" soviet russia joke by Yakov Smirnov). How about a 1984 reference?

[O'Brian] - do we have the incriminating pictures of Smith yet?
[Faceless Functionary] - umm.. no sir, there seems to be something blocking the camera. Our systems seems to have been defeated.
[O'Brian]- What? We've spent millions developing this technology! There is nothing wrong with our system.

One carefully crafted piece of black electrical ought to do the trick. That's pretty much the first thing I'd do after showing off my brand-new MacBook to friends.C'mon, who the hell would really use a built-in camera for anything serious after the first week of playing with the machine? Okay, besides the "video podcast" crowd or those chronic Internet expeditionists who get kicks out of waving their wangs around at complete strangers online. (Not that there's a whole lot of difference between these two gro

It is quite common to post ones little thoughts around a subject without reading TFA, and that is, if not OK then at least human. But when your ambition is to reveal supposedly fatal flaws with a product, you really should check your facts about what it claims to do, or at the very least re-read the abstact to make sure you at least understood that correctly.

Hint: it doesn't discover it is stolen, you (the owner) report it as such to the company.

If te thief decides to not use the net with the laptop, youre chances of getting it back are zero. So there goes the money you spent on both the laptop and the software.
I wonder if the money back guarantee takes that into account?

If te thief decides to not use the net with the laptop, youre chances of getting it back are zero. So there goes the money you spent on both the laptop and the software. I wonder if the money back guarantee takes that into account?

Just put a daily event in iCal with an alarm that sends an e-mail to yourself. Unless the thieves reinstall the OS (doubtful as I'd bet that most theives just want quick cash for their swag), the machine will send out an email to you everyday from its new location.

I rememmber about a year back I had a sales rep trying to sell me the same thing for a pc, I asked him if people could get around it by just reformating the drive, His answer was the the program would be still be installed. So i then asked him what would happen if someone just replaced the harddrive and he said it would still report back to its server. Then I asked him how does a program that only work on 2000/xp connect to a remote server on the internet somewhere if there is no internet connection and no

This sure is a nice program and I'm tempted to buy it, but only because it can help the police track down the criminal who stole my computer. But I would not want my computer back. Who knows where it's been, and how roughly it has been treated? I can't imagine that thieves treat computers with the care they need.My iBook was stolen recently, and although that is a PITA, I have backups so no data was lost. And with the money I got from the insurance company I can buy a new MacBook now!

Just like if my car is stolen, I don't want it back. Same reasons, plus it just wouldn't feel right. It is a violation of your "space," to have something stolen. I had my wallet stolen when I was a teen. I learned a lot of lessons from that event. The number one lesson is to be aware of your surroundings and don't be a victim.

Sending you screenshots of the laptop being used is very useful, most security software "phones home" but only gives limited information, like the IP address of the machine (public IP if it is NATed).

The stolen laptops that law enforcement have contacted me about, have been largely pointless (as I work for an ISP and have access to the customer records). The perpetraitor or possesor of stolen goods is almost always at a hotel (wifi hotspot - what have you). Under US law - John Doe search warrant of a hotel isn't good enough.

You can't wake everyone in a hotel up and search thier rooms, the police need a specific name and room number, they can only search one room.

So thus screen shots, and knowing the identity of the person who's using their stolen laptop, improves your chances of recovery immensely.

"Under US law - John Doe search warrant of a hotel isn't good enough."

Say he's using the laptop to coordinate a terrorist attack, that should get you a search warrent. You probably won't get the laptop back, but said theif will likely dissapear and never be heard from again.

have obviously never met the kind of person who steals laptops. Almost without exception they are heroin or crack addicts stealing for drugs. They will get perhaps fifty dollars from the pawnshop owner or dodgy friend and be very happy with it. For very obvious reasons the laptop will be sold on as quickly as possible, usually at far below market value. Given that 95%+ of laptops are unprotected, anything that doesn't boot straight into an OS will be refused by the middleman - for the same reason that there are very few mac and linux viruses, these guys never bother to learn much more than how to reinstall windows. The level of skill people are talking about when they say "the mac firmware password is easy to bypass" is more than enough skill to get a higher paying, lower risk job in IT rather than spending your day looking over your shoulder and dealing with jumped-up crackheads.

This is really a bit convoluted as an anti-theft measure, although it does look interesting. By far the best way to avoid having your laptop stolen is not to leave it unattended, not to use it anywhere you wouldn't wave $1000 in cash above your head and not to keep it in anything that resembles a laptop bag - use a ratty old satchel or a diaper bag. Muggers are just about the bottom of the criminal food chain, it doesn't take a lot to outsmart them. Just like net security, you just need to be a slightly more difficult target than the next guy and that next guy is talking on his cellphone while walking through a car park at 11pm with a swanky leather 'dell' bag on his shoulder.

I administer a network of over 8000 computers, half of which are Apple computers. We use a program from http://www.absolute.com/ [absolute.com] called Computrace (Win/Mac) and it writes a piece to the BIOS that calls home REGARDLESS of OS reinstall. If removed, it will reinstall the software to call back home. Can it be stopped? Yes, but only with packet captures and other assorted goodies. Works really slick and it has been tested.

Could you go to the authorities and say "OK, my Mac was stolen by this person", explain to them the situation, and would they actually be able to go after the person? And another thing. If I were to steal a MacBook (which however temping with my itty bitty iBook may be I wouldn't), the first thing I'd do if it started announcing to the world I'm a thief would be smash it into bitty bitty pieces and then let those pieces swim with the fish.......

a better method would be to sprinkle micro-scopic uniquely identifiable "dots" (with RFID) in/on the computer spares/parts. a central agency can keep track of lost/stolen hardware ID's and flag them whenever they're detected

yeah goooood Idea,
the next step would be either to add those chips in kids brain, just in case they get lost, or to add remote control on these chips (or even both)
I am always sad to see people willing to give-up privacy for security, I'd rather pay for the insurance. My laptop i

you have a point there, pep11. it sure wouldn't be a nice idea to implant chips in kids brain and add remote control on these chips. what i meant by this idea was the same as the technology that is used in cars.
the idea is to have small micrometer sized dots sprayed all over the car. it is *impossible* to clean-up the car of all the dots from a stolen car. investigators / spare part shops can detect stolen car parts this way. this prevents cars from being stolen and sold in parts as well. see here for more [montreal.ctv.ca]